{"id":5245,"date":"2026-05-17T14:09:51","date_gmt":"2026-05-17T19:09:51","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/?p=5245"},"modified":"2026-05-25T17:45:28","modified_gmt":"2026-05-25T22:45:28","slug":"security-operations-brief-may-17-2026","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/?p=5245","title":{"rendered":"Security Operations Brief \u2014 May 17, 2026"},"content":{"rendered":"<style>\n.single .entry-title,\n.single .entry-header .entry-title,\n.single .post-title,\n.single header.entry-header h1,\n.single h1.entry-title,\n.single .page-title,\n.post-template-default h1.entry-title,\n.post-template-default .entry-header,\narticle .entry-header,\narticle .entry-title { display: none !important; }\n.single .entry-header { margin: 0 !important; padding: 0 !important; }\n.single .entry-content { margin-top: 0 !important; padding-top: 0 !important; }\n<\/style>\n<table role=\"presentation\" width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" style=\"background-color:#f4f5f7;\">\n<tr>\n<td align=\"center\" style=\"padding:24px 12px;\">\n<table role=\"presentation\" width=\"680\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" style=\"max-width:680px;width:100%;background-color:#ffffff;border-radius:8px;overflow:hidden;box-shadow:0 1px 3px rgba(0,0,0,0.08);\">\n<tr>\n<td style=\"background-color:#0c4a6e;background:linear-gradient(135deg,#0c4a6e 0%,#0891b2 100%);padding:32px 28px 24px;color:#ffffff;\">\n<div style=\"font-size:12px;letter-spacing:2px;text-transform:uppercase;opacity:0.75;margin-bottom:8px;color:#ffffff;\">Security Operations Bulletin \u00b7 Issue May 17, 2026<\/div>\n<div style=\"margin:0;font-size:28px;line-height:1.2;font-weight:700;color:#ffffff !important;mso-line-height-rule:exactly;\">The SecOps Brief<\/div>\n<p style=\"margin:8px 0 0;font-size:14px;opacity:0.85;color:#ffffff;\">Running a SOC: tooling, automation, detection engineering, analyst 
workflows<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:28px 28px 4px;\">\n<h2 style=\"margin:0 0 12px;font-size:18px;color:#0f172a;border-bottom:2px solid #0891b2;padding-bottom:6px;\">This week at a glance<\/h2>\n<p style=\"margin:0 0 12px;font-size:15px;color:#374151;\">Operational tooling moved hard this week. <strong>CrowdStrike Signal<\/strong> shipped &ldquo;Automated Leads&rdquo; \u2014 entity-scored detections rather than per-event binary alerts, addressing alert fatigue at its source. <strong>Splunk + Cisco<\/strong> announced six specialized AI agents for Enterprise Security, with two agentic-SOC SKUs (Essentials and Premier) in the Splunk ES 8.2 release. <strong>Elastic<\/strong> embedded native automation directly into Elastic Security and pitched it as &ldquo;eliminating the SOAR automation tax.&rdquo; <strong>Netskope<\/strong> launched AI agents for SOC and NOC automation. On the endpoint side, iOS 26.5 added E2EE for RCS and Android announced an opt-in Intrusion Logging feature for forensic capture &mdash; both relevant to mobile IR playbooks.<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:18px 28px 4px;\">\n<h2 style=\"margin:0 0 4px;font-size:20px;color:#0f172a;\">Entity graph &mdash; vendors, products, studies, and how they cross-correlate<\/h2>\n<div style=\"height:3px;width:48px;background-color:#0891b2;margin-bottom:14px;\"><\/div>\n<p style=\"margin:0 0 8px;font-size:11px;color:#64748b;\">Every named entity extracted from this week&#8217;s 20 articles, with the SOC at the center and edges showing direct relationships.<\/p>\n<div style=\"background-color:#ffffff;border:1px solid #e2e8f0;border-radius:8px;padding:14px;\">\n<img decoding=\"async\" src=\"https:\/\/www.cybersecurityinstitute.com\/blog\/wp-content\/uploads\/2026\/05\/topic-map-secops-2026-05-17-2.png\" alt=\"Topic map for security operations\" style=\"width:100%;max-width:880px;height:auto;display:block;margin:0 auto;\" \/>\n<\/div>\n<\/td>\n<\/tr>\n<tr>\n<td 
style=\"padding:24px 28px 4px;\">\n<h2 style=\"margin:0 0 4px;font-size:20px;color:#0f172a;\">Article index<\/h2>\n<div style=\"height:3px;width:48px;background-color:#0891b2;margin-bottom:14px;\"><\/div>\n<h3 style=\"margin:14px 0 8px;font-size:15px;color:#0891b2;text-transform:uppercase;letter-spacing:1px;\">Agentic SOC and SIEM\/XDR platforms<\/h3>\n<table role=\"presentation\" width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" style=\"font-size:13px;border-collapse:collapse;\">\n<tr style=\"background-color:#f8fafc;\">\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:55%;\">Article<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:30%;\">Source<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:15%;\">Published<\/th>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.crowdstrike.com\/en-us\/blog\/ai-threat-detection-with-automated-leads\/\" style=\"color:#1d4ed8;text-decoration:none;\">AI Threat Detection with Automated Leads (CrowdStrike Signal)<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">CrowdStrike Blog<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 11, 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.stocktitan.net\/news\/ESTC\/elastic-eliminates-the-soar-automation-tax-with-native-048s83gkm6vq.html\" style=\"color:#1d4ed8;text-decoration:none;\">Elastic adds native security workflows, drops SOAR need<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">StockTitan<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 
6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.networkworld.com\/article\/4167967\/netskope-launches-ai-agents-for-soc-and-noc-automation.html\" style=\"color:#1d4ed8;text-decoration:none;\">Netskope launches AI agents for SOC and NOC automation<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">Network World<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.channele2e.com\/news\/splunk-conf25-reflections-analysts-on-splunks-cisco-data-fabric-and-agentic-ai-news\" style=\"color:#1d4ed8;text-decoration:none;\">Splunk + Cisco ship six specialized AI agents and ES 8.2 with agentic SKUs<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">ChannelE2E<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 2026<\/td>\n<\/tr>\n<\/table>\n<h3 style=\"margin:22px 0 8px;font-size:15px;color:#9333ea;text-transform:uppercase;letter-spacing:1px;\">Detection engineering and analyst workflow<\/h3>\n<table role=\"presentation\" width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" style=\"font-size:13px;border-collapse:collapse;\">\n<tr style=\"background-color:#f8fafc;\">\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:55%;\">Article<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:30%;\">Source<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:15%;\">Published<\/th>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.sans.org\/webcasts\/state-detection-engineering-2026-what-data-reveals-accuracy-automation-ai-adoption\" 
style=\"color:#1d4ed8;text-decoration:none;\">The State of Detection Engineering 2026: Accuracy, Automation, AI Adoption<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">SANS Institute<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 11, 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.helpnetsecurity.com\/2026\/03\/26\/future-ai-soc-vendor-claims\/\" style=\"color:#1d4ed8;text-decoration:none;\">AI SOC vendors are selling a future that production deployments haven&#8217;t reached yet<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">Help Net Security<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">March 26, 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/venturebeat.com\/security\/rsac-2026-agentic-soc-agent-telemetry-security-gap\" style=\"color:#1d4ed8;text-decoration:none;\">CrowdStrike, Cisco, and Palo Alto all shipped agentic SOC tools at RSAC 2026 \u2014 the agent behavioral baseline gap survived all three<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">VentureBeat<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">2026<\/td>\n<\/tr>\n<\/table>\n<h3 style=\"margin:22px 0 8px;font-size:15px;color:#16a34a;text-transform:uppercase;letter-spacing:1px;\">Vendor partnerships and operational news<\/h3>\n<table role=\"presentation\" width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" style=\"font-size:13px;border-collapse:collapse;\">\n<tr style=\"background-color:#f8fafc;\">\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:55%;\">Article<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid 
#e2e8f0;color:#475569;font-weight:600;width:30%;\">Source<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:15%;\">Published<\/th>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/hipther.com\/latest-news\/2026\/05\/14\/111726\/cybersecurity-roundup-partnerships-funding-and-emerging-threats-may-14-2026-palo-alto-networks-microsoft-foxconn-cisa-g7-and-ai-security-leaders\/\" style=\"color:#1d4ed8;text-decoration:none;\">Cybersecurity Roundup: Partnerships, Funding &mdash; PANW, Microsoft, Foxconn, CISA, G7<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">Hipther<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 14, 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/hipther.com\/latest-news\/2026\/05\/15\/111800\/cybersecurity-roundup-partnerships-funding-and-emerging-threats-may-15-2026-cisco-sd-wan-ai-driven-government-defense-fort-bragg-and-keypasco\/\" style=\"color:#1d4ed8;text-decoration:none;\">Cybersecurity Roundup: Partnerships, Funding &mdash; Cisco SD-WAN, Fort Bragg, Keypasco<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">Hipther<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 15, 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/ir.crowdstrike.com\/news-releases\/news-release-details\/crowdstrike-recognizes-2026-americas-partners-driving-growth\" style=\"color:#1d4ed8;text-decoration:none;\">CrowdStrike Recognizes 2026 Americas Partners Driving Growth with Falcon Platform<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">CrowdStrike<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 
2026<\/td>\n<\/tr>\n<\/table>\n<h3 style=\"margin:22px 0 8px;font-size:15px;color:#1e3a8a;text-transform:uppercase;letter-spacing:1px;\">Endpoint, mobile, and forensics<\/h3>\n<table role=\"presentation\" width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" style=\"font-size:13px;border-collapse:collapse;\">\n<tr style=\"background-color:#f8fafc;\">\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:55%;\">Article<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:30%;\">Source<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:15%;\">Published<\/th>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/thehackernews.com\/2026\/05\/ios-265-brings-default-end-to-end.html\" style=\"color:#1d4ed8;text-decoration:none;\">iOS 26.5 Brings Default End-to-End Encrypted RCS Messaging Between iPhone and Android<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">The Hacker News<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 11&ndash;12, 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/thehackernews.com\/2026\/05\/android-adds-intrusion-logging-for.html\" style=\"color:#1d4ed8;text-decoration:none;\">Android Adds Intrusion Logging for Sophisticated Spyware Forensics<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">The Hacker News<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 12&ndash;13, 2026<\/td>\n<\/tr>\n<\/table>\n<h3 style=\"margin:22px 0 8px;font-size:15px;color:#475569;text-transform:uppercase;letter-spacing:1px;\">Foundational reading <span 
style=\"font-weight:400;text-transform:none;letter-spacing:0;color:#9ca3af;font-size:11px;\">(refreshed weekly)<\/span><\/h3>\n<table role=\"presentation\" width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" style=\"font-size:13px;border-collapse:collapse;\">\n<tr style=\"background-color:#f8fafc;\">\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:55%;\">Article<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:30%;\">Source<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:15%;\">Published<\/th>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2026\/04\/09\/the-agentic-soc-rethinking-secops-for-the-next-decade\/\" style=\"color:#1d4ed8;text-decoration:none;\">The agentic SOC \u2014 Rethinking SecOps for the next decade<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">Microsoft Security Blog<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">April 9, 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.crowdstrike.com\/en-us\/press-releases\/crowdstrike-delivers-agentic-mdr-to-stop-breaches-at-machine-speed\/\" style=\"color:#1d4ed8;text-decoration:none;\">CrowdStrike Delivers Agentic MDR to Stop Breaches at Machine Speed<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">CrowdStrike<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">March 24, 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/reliaquest.com\/cyber-knowledge\/how-to-build-an-ai-soc-security-operations-center\/\" 
style=\"color:#1d4ed8;text-decoration:none;\">How to Build an AI-Driven SOC: A Practical Guide for Security Leaders<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">ReliaQuest<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.rapid7.com\/blog\/post\/dr-modern-soc-vs-alert-fatigue-siem-ebook\/\" style=\"color:#1d4ed8;text-decoration:none;\">Alert Fatigue Isn&#8217;t Going Away. Here&#8217;s How Modern SOCs Are Fighting Back<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">Rapid7<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/intezer.com\/blog\/top-15-ai-soc-platforms-in-2026\/\" style=\"color:#1d4ed8;text-decoration:none;\">Top 15 AI SOC Tools for 2026: SOC Automation Compared<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">Intezer<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.conifers.ai\/blog\/soc-automation-in-2026-what-works-beyond-the-hype\" style=\"color:#1d4ed8;text-decoration:none;\">SOC Automation in 2026: What Works Beyond the Hype<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">Conifers.ai<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.iansresearch.com\/resources\/all-blogs\/post\/security-blog\/2026\/01\/29\/how-tabletop-exercises-transform-incident-response-readiness\" 
style=\"color:#1d4ed8;text-decoration:none;\">How Tabletop Exercises Transform Incident Response Readiness<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">IANS Research<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">January 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/securityboulevard.com\/2026\/03\/7-tabletop-exercise-scenarios-every-cybersecurity-team-should-practice-in-2026\/\" style=\"color:#1d4ed8;text-decoration:none;\">7 tabletop exercise scenarios every cybersecurity team should practice in 2026<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">Security Boulevard<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">March 2026<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:24px 28px 4px;\">\n<h2 style=\"margin:0 0 4px;font-size:20px;color:#0f172a;\">Detailed write-ups<\/h2>\n<div style=\"height:3px;width:48px;background-color:#0891b2;margin-bottom:14px;\"><\/div>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">CrowdStrike Signal: Automated Leads (May 11)<\/h3>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\">Entity-scored detections in Falcon: indicators are tagged to a host or identity rather than treated as binary alerts, scores accumulate across events, and the engine surfaces &ldquo;zero detect&rdquo; clusters &mdash; suspicious behavior groups that wouldn&rsquo;t trigger any single high-confidence alert. 
Direct attack on alert fatigue.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\">Sources: <a href=\"https:\/\/www.crowdstrike.com\/en-us\/blog\/ai-threat-detection-with-automated-leads\/\" style=\"color:#1d4ed8;text-decoration:none;\">CrowdStrike Blog<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">Elastic drops the &ldquo;SOAR tax&rdquo;<\/h3>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\">Elastic Workflows ships native automation built directly into Elastic Security, with access to alerts, cases, and investigation data without a separate SOAR product. Worth modeling against your current SIEM + SOAR licensing if Elastic is in your stack.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\">Sources: <a href=\"https:\/\/www.stocktitan.net\/news\/ESTC\/elastic-eliminates-the-soar-automation-tax-with-native-048s83gkm6vq.html\" style=\"color:#1d4ed8;text-decoration:none;\">StockTitan<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">Splunk + Cisco ship six specialized AI agents and ES 8.2<\/h3>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\">Six purpose-built agents for Splunk Enterprise Security: Detection Builder, Triage, Guided Response, Standard Operating Procedures, Malware Threat Reversing, and Automation Builder. 
Two new agentic SKUs (Essentials and Premier) ship in Splunk ES 8.2, with most agents in alpha\/prerelease through June 2026.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\">Sources: <a href=\"https:\/\/www.channele2e.com\/news\/splunk-conf25-reflections-analysts-on-splunks-cisco-data-fabric-and-agentic-ai-news\" style=\"color:#1d4ed8;text-decoration:none;\">ChannelE2E<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">Netskope AI agents for SOC and NOC<\/h3>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\">Netskope One AgentSkope is an agentic AI framework designed to automate security and network operations workflows \u2014 alert triage, investigation, response. Notable for unifying SOC and NOC under a shared agentic substrate.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\">Sources: <a href=\"https:\/\/www.networkworld.com\/article\/4167967\/netskope-launches-ai-agents-for-soc-and-noc-automation.html\" style=\"color:#1d4ed8;text-decoration:none;\">Network World<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">SANS: State of Detection Engineering 2026 (May 11)<\/h3>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\">SANS webcast on detection accuracy, Detection-as-Code adoption, workflow automation, and the role of AI in SOC operations. 
Frame against the Conifers and Intezer-style maturity models for an honest baseline conversation in your team.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\">Sources: <a href=\"https:\/\/www.sans.org\/webcasts\/state-detection-engineering-2026-what-data-reveals-accuracy-automation-ai-adoption\" style=\"color:#1d4ed8;text-decoration:none;\">SANS Institute<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">Help Net Security: AI SOC vendors are selling a future production hasn&#8217;t reached<\/h3>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\">A useful counterweight to the vendor noise: a lot of marketed agentic-SOC capability is not yet operational in production environments. Read before signing a multi-year agentic-SOC commit.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\">Sources: <a href=\"https:\/\/www.helpnetsecurity.com\/2026\/03\/26\/future-ai-soc-vendor-claims\/\" style=\"color:#1d4ed8;text-decoration:none;\">Help Net Security<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">iOS 26.5 + Android Intrusion Logging<\/h3>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\">iOS 26.5 brings default E2E-encrypted RCS between iPhone and Android, based on the MLS protocol in RCS Universal Profile 3.0; a lock icon indicates encrypted threads. Android&rsquo;s new opt-in <strong>Intrusion Logging<\/strong> in Advanced Protection captures daily device and network telemetry in E2EE logs stored on Google servers, built with Amnesty International and Reporters Without Borders for high-risk users. 
Both updates change mobile IR playbooks: once RCS content is end-to-end encrypted, carrier or network-side capture yields no message bodies, so evidence has to be collected from the device itself; Intrusion Logging gives investigators an off-device copy of daily device and network telemetry that tampering on the handset cannot erase, but only for users who opted in before the compromise.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\">Sources: <a href=\"https:\/\/thehackernews.com\/2026\/05\/ios-265-brings-default-end-to-end.html\" style=\"color:#1d4ed8;text-decoration:none;\">The Hacker News (iOS 26.5)<\/a> &middot; <a href=\"https:\/\/thehackernews.com\/2026\/05\/android-adds-intrusion-logging-for.html\" style=\"color:#1d4ed8;text-decoration:none;\">The Hacker News (Android Intrusion Logging)<\/a><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:24px 28px 4px;\">\n<h2 style=\"margin:0 0 4px;font-size:20px;color:#0f172a;\">Calls to action for the next 7 days<\/h2>\n<div style=\"height:3px;width:48px;background-color:#0891b2;margin-bottom:14px;\"><\/div>\n<ol style=\"margin:0 0 12px 18px;padding:0;font-size:14px;color:#374151;\">\n<li style=\"margin-bottom:8px;\"><strong>Model your agentic-SOC roadmap<\/strong> against Splunk ES 8.2, CrowdStrike Signal, Elastic Workflows, and Netskope AgentSkope. Pick a baseline that doesn&rsquo;t paint you into a corner.<\/li>\n<li style=\"margin-bottom:8px;\"><strong>Run a detection-engineering health check<\/strong> using the SANS 2026 framework: accuracy, automation coverage, Detection-as-Code adoption.<\/li>\n<li style=\"margin-bottom:8px;\"><strong>Pressure-test agentic claims<\/strong> with vendors per the Help Net article \u2014 what runs in production today vs. 
demo-only.<\/li>\n<li style=\"margin-bottom:8px;\"><strong>Update mobile IR playbooks<\/strong> for iOS 26.5 RCS E2EE and Android Intrusion Logging artifact collection.<\/li>\n<li style=\"margin-bottom:8px;\"><strong>Re-baseline alert volumes<\/strong> against the Forrester benchmark (~11K\/day, ~22 worthy) and identify your biggest fragmented-signal sources.<\/li>\n<\/ol>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:28px 28px 32px;border-top:1px solid #e5e7eb;color:#6b7280;font-size:12px;text-align:center;\">\n<p style=\"margin:0 0 6px;color:#6b7280;\">The SecOps Brief &middot; a Newshunter publication<\/p>\n<p style=\"margin:0 0 6px;color:#6b7280;\">Weekly news items are from the previous seven days. Foundational reading is refreshed each week.<\/p>\n<p style=\"margin:0 0 10px;color:#6b7280;\"><a href=\"*|UNSUB|*\" style=\"color:#1d4ed8;text-decoration:none;\">Unsubscribe<\/a> &middot; <a href=\"*|ARCHIVE|*\" style=\"color:#1d4ed8;text-decoration:none;\">View in browser<\/a><\/p>\n<p style=\"margin:14px 0 4px;font-size:11px;color:#9ca3af;\">Newsletter design, layout, and editorial curation &copy; 2026 Security Radar LLC. All rights reserved.<\/p>\n<p style=\"margin:0;font-size:11px;color:#9ca3af;\">Article titles and summaries are excerpted for review and commentary; all linked articles remain the copyright of their respective publishers and authors.<\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>Security Operations Bulletin \u00b7 Issue May 17, 2026 The SecOps Brief Running a SOC: tooling, automation, detection engineering, analyst workflows This week at a glance Operational tooling moved hard this week. 
CrowdStrike Signal shipped &ldquo;Automated Leads&rdquo; \u2014 entity-scored detections rather than per-event binary alerts, addressing alert fatigue at its source&#8230;.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[38],"tags":[],"class_list":["post-5245","post","type-post","status-publish","format-standard","hentry","category-security-operations"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/5245","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5245"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/5245\/revisions"}],"predecessor-version":[{"id":5249,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/5245\/revisions\/5249"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5245"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5245"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5245"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
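The "Automated Leads" write-up in this brief describes entity scoring only in prose: indicators are tagged to a host or identity, scores accumulate across events, and clusters that never trip a single high-confidence alert still surface as leads. The Python below is an added example for this brief, not CrowdStrike's code, showing that mechanic end to end on constructed telemetry. The event format, the indicator names and weights, the 24-hour window and the two thresholds are all assumptions; the one design point worth copying is that each distinct indicator counts once per entity inside the window, so a noisy rule re-firing every few seconds cannot manufacture a lead on its own.

```python
"""Entity-scored leads: aggregate weak indicators per host/identity instead
of alerting on each event.  Added example for this brief; the scoring
scheme, thresholds and sample events are assumptions, not CrowdStrike's
implementation.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Single-event alert threshold: an indicator at or above this would have
# fired as a classic binary alert on its own (assumed value).
ALERT_THRESHOLD = 80
# Accumulated per-entity score at which a lead is surfaced (assumed value).
LEAD_THRESHOLD = 60
# Only events within this window of the entity's newest event count.
WINDOW = timedelta(hours=24)

# Constructed telemetry (not real Falcon data): one low-confidence
# indicator per line, tagged to both a host and a user.
SAMPLE_EVENTS = """\
{"ts":"2026-05-11T08:02:10Z","host":"WS-0142","user":"j.doe","indicator":"lolbin_certutil_download","weight":25}
{"ts":"2026-05-11T08:02:41Z","host":"WS-0142","user":"j.doe","indicator":"office_spawns_shell","weight":30}
{"ts":"2026-05-11T08:05:03Z","host":"WS-0142","user":"j.doe","indicator":"lolbin_certutil_download","weight":25}
{"ts":"2026-05-11T09:17:55Z","host":"WS-0142","user":"j.doe","indicator":"new_scheduled_task","weight":20}
{"ts":"2026-05-11T09:20:00Z","host":"WS-0777","user":"svc_backup","indicator":"new_scheduled_task","weight":20}
{"ts":"2026-05-09T22:10:00Z","host":"WS-0142","user":"j.doe","indicator":"rare_parent_child","weight":35}
{"ts":"2026-05-11T10:00:00Z","host":"SRV-DB01","user":"admin","indicator":"credential_dump_tool","weight":90}
"""


def parse_events(text):
    """Parse newline-delimited JSON events; 'ts' becomes a datetime."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events


def score_entities(events, window=WINDOW):
    """Return {entity: lead} for entities 'host:<name>' and 'user:<name>'.

    Each distinct indicator counts once per entity inside the window (the
    highest weight seen), so a rule re-firing repeatedly cannot inflate
    the score; stale events outside the window are dropped.
    """
    by_entity = defaultdict(list)
    for ev in events:
        by_entity[f"host:{ev['host']}"].append(ev)
        by_entity[f"user:{ev['user']}"].append(ev)

    leads = {}
    for entity, evs in by_entity.items():
        evs.sort(key=lambda e: e["ts"])
        newest = evs[-1]["ts"]
        in_window = [e for e in evs if newest - e["ts"] <= window]
        best = {}
        for e in in_window:
            best[e["indicator"]] = max(best.get(e["indicator"], 0), e["weight"])
        leads[entity] = {
            "score": sum(best.values()),
            "indicators": sorted(best),
            "first_seen": in_window[0]["ts"],
            "last_seen": newest,
            # "zero detect": nothing in the cluster would have alerted alone.
            "zero_detect": max(best.values()) < ALERT_THRESHOLD,
        }
    return leads


def automated_leads(events, lead_threshold=LEAD_THRESHOLD):
    """Entities whose accumulated score crosses the threshold, highest first."""
    scored = score_entities(events)
    hits = {k: v for k, v in scored.items() if v["score"] >= lead_threshold}
    return sorted(hits.items(), key=lambda kv: -kv[1]["score"])


if __name__ == "__main__":
    for entity, lead in automated_leads(parse_events(SAMPLE_EVENTS)):
        tag = "ZERO-DETECT" if lead["zero_detect"] else "had alert"
        print(f"{entity:14} score={lead['score']:3} [{tag}] "
              f"{', '.join(lead['indicators'])}")
```

On the constructed input, WS-0142 and j.doe surface as zero-detect leads at score 75 (three distinct indicators of 25, 30 and 20, with the duplicate certutil event collapsed and the two-day-old rare_parent_child event aged out), SRV-DB01 surfaces because a single 90-point indicator would have alerted anyway, and WS-0777 stays below the threshold. Scoring the same event against both the host and the user entity is what lets a lead follow an identity across machines.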